I really need an encrypted filesystem so I can store my external drive off-site for backup/DR (it's connected via USB2). I have tried:

(*) cryptoloop/cryptoAPI. Total sludge. Locks up my 2.6.3 kernel constantly, often with no output, often in the middle of mkfs. Of course, it's barely documented, but I'm following the kerneli.org docs as best as I can. I'm pretty sure I'm doing things right and it works in "toy" setups (10M), but try it with a 120GB filesystem and bork bork bork. It also bothers me that the kerneli guys don't care much about continuity, as 2.4.x-era filesystems are not compatible with 2.6.x, so I assume someday when we get to 2.8.x I'll have to go through some hellish conversion.

(Forgot to mention: losetup only prompts you ONCE for a password! What the hell is that? I'm typing in a long passphrase and losetup doesn't ask me to type it again!? Suppose I typo it and then work with it for a week...when I try to remount it, I don't know the password and I'm out of luck. Bad programming...)

(*) BestCrypt. Nice package, well-documented. Unfortunately, raw block devices are hopelessly borked. I constantly get strange dmesg errors about "bogus i_modes" and such when it's under load and it has repeatedly broken the filesystem in my experiments. I guess I'll try setting up a big container next...blech.

Ah, well, loop-aes didn't pan out...have to manually patch util-linux and I'd rather not do that unless it's the only option. The util-linux in the portage tree doesn't understand loop-aes. So be it.

Guess I'm left with the one remaining option: BestCrypt, using a big container (instead of a block device). And in another 5 hours, when it's done setting up a 100Gb container, I'll see how that works...

I rebuilt my home Samba box last November and I did some looking for encrypted filesystems. I wanted to encrypt both swap and my data partitions (the Patriot Act and other anti-privacy legislation scares me).

I read about a number of projects, but there was very little development on most of them and they were not being maintained. I wound up tabling the idea for a rainy day, but I am interested in reading about your findings.

Cheers.

- John

All that is necessary for the triumph of evil is that good men do nothing.
-- Edmund Burke (1729-1797)

OK, I'm going off to look at dm-crypt. Is that the same stuff that's in 2.6.4? rc1 is out and there's lots of mentions of dmcrypt in the changelog.

BestCrypt with a big container failed - locked up the system while I was mkfsing.

I don't need/want an encrypted root. 99.9% of it is system binaries that are publicly available. Anything unique to the system is either (a) off on separate storage (/home is linked off, as is /var/www, /usr/local, etc.), or (b) in /etc...login passwords and config files are sensitive from a break-in-over-the-net point of view, but not in a "someone stole your box and you need to keep it secret" scenario.

I can see encrypted swap but haven't got that far yet.

I just want crypto for backups to a removable disk I can take off-site. Seems like a simple, reasonable need...I'm guessing it's the size of data (120Gb) I'm using but hey, that's what I need